We have a code repository in GitHub which uses the “develop” branch instead of the main branch, where all the PRs get merged.
We are also using CircleCI as our CI/CD solution and invoke the SonarCloud scan using the CircleCI Orb.
However, we are never seeing the source code and the scan results sync to SonarCloud when this happens.
We have seen this issue only for the repositories which use the “develop” branch and everything works fine when using the Main branch.
How can we overcome this issue? We cannot get rid of the “develop” branch as it would entail redoing our GitHub repo and there are several repos which are impacted by the issue.
Hello @ashish2_sapra2 ,
Are you using the official SonarCloud CircleCI Orb? Can you check if the orb is correctly invoked for the develop branch as well?
Yes, we are using the official SonarCloud CircleCI Orb and it is being correctly invoked for the develop branch.
Is the develop branch marked as the default branch on GitHub on those repositories that use the develop branch? Is it marked as the main branch on SonarCloud (you can see this by navigating to your project and clicking on Administration > Branches & Pull Requests)?
Thanks Tom. Checked this and the develop branch is the main branch.
So, I navigate to Project → Branches → main and then select the tab “Overall code”; should I see any and every vulnerability identified, i.e. full scan results of the code?
That is really all I need, since these projects have synced in new, I am trying to make sure:
we did end up scanning all the source code when it synced in the first time, to get an accurate baseline?